Privacy is up to you

posted in: Life and things | 0

A couple of years ago the EU came up with a privacy requirement on websites. Now, I’m an Australian, so at first I thought it didn’t impact me. But the web, as we know, doesn’t take much notice of borders, even if the governments do (China, Russia, North Korea etc). I had to implement the requirements just in case somebody in Europe read my blog. In hindsight, it wasn’t too bad. Mine is a WordPress site, so WordPress had to do most of the heavy lifting with cookies and so on. I found a privacy policy for my site, and a plugin that tells you about how your information is used the first time you visit. The only data my site collects is a name and email address if you subscribe, comment, or contact me. And I don’t share it with anybody. You can also ask me to delete that information. Before you use my site (and all the others which meet the requirements) you have to agree to those conditions. It’s called ‘opt in’.

We’ve recently bought a new Toyota Rav 4. To our surprise, it even came with a couple of printed manuals, a rare and wondrous thing these days. It also came with Toyota’s Connected Services. When Peter picked up the car, he was asked to initial every page of a nine page document. He could have sat there and read it but, like most people, he didn’t. Most of it was about finance and administration – but one brief paragraph talked about the company’s right to collect information. Having initialled those pages, he had ‘opted in’.

So – what information has he agreed to provide? Toyota says it collects data to collect information to make the car safer. Toyota’s privacy policy states:

Safety & Security Your connected vehicle’s Safety & Security feature provides emergency assistance (SOS), Automatic Collision Notification (ACN) and stolen vehicle tracking (SVT). Safety & Security services use vehicle location data (your vehicle’s latitude and longitude) to determine where your vehicle needs assistance, your personal information (such as your name, address, phone number, email address, etc.) to verify your account, and your voice recordings (when you call our Toyota Emergency Call Centre) to provide assistance to you. Unless required or authorised by or under law, or an order of a court or tribunal, Personal information collected for the purposes of ACN and SOS and SVT services will not be used for any other purpose than for providing the ACN and SOS / Safety and Security Connected Services.”

But that’s not all. We can download Toyota’s connected services app to a smart phone and it will collect all sorts of useful information about the car. And there’s no doubt it is useful – things like fuel consumption, kilometres travelled, speeds reached, how you drive, book a service etc.

That’s lovely, but here’s the plot twist.

It’s free for 1 to 3 years depending on your model. After that, there’s a monthly fee. But what the monthly fee covers is as clear as mud. One article in suggests that ‘Toyota Essentials’ is free.

“Toyota Essentials will remain free of charge after the first year, and includes an SOS emergency call function, automatic collision notification and “essential vehicle insights” via the app, including fuel level, odometer, distance to empty, and whether doors and windows are open or unlocked. Apple CarPlay and Android Auto is also part of this package.”

But looking around on the Toyota site, I’m not convinced that’s true. An ABC News article tell us that “In a statement to ABC News, the company said customers could opt out of Connected Services, but that doing so would disable other features including Bluetooth and speaker functionality.” If that’s the case, Apple Carplay and Android Auto won’t work.

Even if Essentials is free, for more advanced features, you’ll have to pay. We’ll be talking to the dealership about some of the issues.

Toyota is not the only car company trying to claw back some cash flow by charging a monthly fee for data services. But they need to be upfront about it. What do I get if I pay, or more importantly, what do I lose if I don’t.

But this blog isn’t really about Toyota. It’s about privacy, using Toyota as an example. Reading Toyota’s privacy policy was a real eye-opener. We’re buying a car, right? A car to travel from point A to point B. Have a look at what Toyota collects about you. You can find the whole document here.

“We may collect and hold information about you including:

  • contact information and identification such as your name, date of birth, contact number(s), email address(es), residential and/or business address(es), demographic information (such as postcode, age, gender) and driver’s licence details;
  • payment details (such as account or credit card details) and payment-related information in connection with your purchase of our products and/or services;
  • vehicle and servicing details including vehicle registration, vehicle purchase details, name of your selling or servicing Toyota dealer, service appointment bookings, vehicle service and repair history (including in relation to Toyota Service Advantage, warranty, repairs and recalls, if applicable);
  • data collected as a result of connected services functionality, such as vehicle location. For details on the extent of information collected as a result of the connected services functionality, please see section 4;
  • finance details such as financial, insurance or credit information, marital status, employment details and history;
  • information collected from marketing campaigns, product research, customer surveys, your interactions with us including via social media, via Toyota community platforms such as Toyota Collective, or publicly available information that you post or publish or broadcast; and
  • information collected in connection with the use of the KINTO platform including insurance information, location and booking details.”

The data is collected any time you have anything to do with Toyota. And they will share it to Toyota overseas, mailing houses, when they check on your financial status (for loans etc). It’s worth reading through the document to see how easily your data can be shared with legitimate third parties.

The larger concern is data breaches, where criminals get hold of your data. Techcrunch reported that Toyota admitted in June 2023:

“… [it] exposed the data of more than two million customers to the internet for a decade. Today, the automotive giant said it recently discovered the data of another 260,000 car owners spilling from its systems.”

This article from the Guardian gives another perspective.

“Following an investigation, Choice has found Toyota’s “Connected Services” feature “collects information such as vehicle location, driving data, fuel levels, and even phone numbers and email addresses”.

“Car companies say these technology features increase driver safety, but in a world of data hacks and sharing, it’s just another way for companies to gather valuable information, whether consumers like it or not,” Choice’s senior campaigns and policy adviser, Rafi Alam, said.”

I stress that this is not just about Toyota. These days, anytime you buy anything substantial from (say) Harvey Norman, the Good Guys, JB HiFi etc etc (let alone Amazon) you are asked for information about you. At least they don’t have a copy of our passports.

So, although I bitched about having to jump through the privacy hoops years ago, I have to agree it’s necessary. If they hadn’t been obliged to publish their privacy policy, Toyota (and everybody else) would have had all that data about you and me without any obligation to ‘fess up.

The bottom line? Before you sign up, take the time to read that privacy policy. And create a new password for any app – don’t take the easy way out and sign in with Facebook or Google.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.